How To Configure Firewall To Allow Tailscale To Make Direct Connection?

If I use the native Windows firewall, Tailscale will be able to make direct connection with other computers. However when I switch to Bitdefender Firewall, direct connection can no longer be made. It has to use a relay server. Is there any way to resolve this?

Answers

  • Gjoksi (DEFENDER OF THE YEAR 2022 / DEFENDER OF THE MONTH, mod)

    Hello.

    You should contact Bitdefender Consumer Support by chat, telephone or e-mail:

    NOTE: Bitdefender telephone support is not toll-free!

    Regards.

  • To configure a firewall to allow Tailscale to make a direct connection, you will need to open specific ports and protocols that Tailscale uses to communicate. Here are the steps you can take to configure your firewall to allow Tailscale to make a direct connection:

    1. Identify the ports and protocols that Tailscale uses: Tailscale uses the UDP protocol on port 51820 for peer-to-peer communication, and also uses port 443 for outbound connections to the Tailscale network.
    2. Create a firewall rule to allow incoming and outgoing traffic on the identified ports: Depending on your firewall configuration, you may need to create separate rules for incoming and outgoing traffic. You can also create a rule to allow all traffic from the Tailscale process.
    3. Allow traffic from the Tailscale process: You will need to configure your firewall to allow traffic from the Tailscale process, so that the firewall does not block Tailscale's connections.
    4. Make sure to check your firewall's documentation for specific instructions on how to create and configure firewall rules as it can vary depending on the type of firewall you are using.
    5. Test the connection: Once you've made the changes to your firewall, you should test the Tailscale connection to ensure that it is able to make a direct connection as expected.

    It's important to note that depending on the security policies of your organization or the specific

  • Hello, I tried what was suggested here on the Bitdefender Total Security firewall, but unfortunately the problem persists.

  • How do I access Bitdefender's firewall to allow for Tailscale operation?

  • To configure a firewall to allow Tailscale to make a direct connection, follow these steps:

    - Allow UDP traffic on ports 41641 and 53 for Tailscale's peer-to-peer communication and DNS.
    - Enable traffic on TCP and UDP ports 443, 41641, and 3478, as these are used for relaying and coordination.
    - Add the Tailscale IP range to your firewall's allowlist so it can route traffic through connected devices.
    - Ensure the firewall doesn’t interfere with Tailscale’s encrypted connections by disabling Deep Packet Inspection (DPI) on the Tailscale traffic.
    - Set up port forwarding and check Network Address Translation (NAT) settings if you're using a more restrictive firewall.

    This will help ensure Tailscale can establish a direct connection through the firewall.

  • Faccin0
    edited September 6

    Hello everyone!
    I had a mail exchange with Tailscale and they also gave me the same advice as matthewshort. A guide on how to set the firewall correctly is the following:

    Open Bitdefender → protection → Firewall

    Then click on Rules → add new rule → apply the rule to all apps →

    Type of network: all networks

    protocol: any

    direction: both

    then click on Show Advanced Settings → enable "remote personal address"

    IP: 100.64.0.0/10 (Tailscale provided me with this IP range which is the one used by tailscale protocol by default)

    Ports: 443, 41641, 3478

    Then create a new rule, but this time the protocol is UDP and the ports are 53, 4164.

    This is the end result:

    If you want to use SMB (aka access your NAS from Explorer with a Windows PC) you should also enable TCP ports 139 and 445
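
As an added example (not from this thread, Tailscale or Bitdefender), a small Python script that covers the "test the connection" step and the port list in the answers above: it reads the JSON that `tailscale status --json` prints, reports which peers have a direct path and which fell back to a relay, and checks a direct endpoint's port against the allowed ports (443, 41641, 3478 TCP/UDP; 53 UDP) and a Tailscale IP against 100.64.0.0/10. The field names `Peer`, `HostName`, `TailscaleIPs`, `Online`, `Relay` and `CurAddr` follow Tailscale's status output as I know it, and treating an empty `CurAddr` as "relayed" is my assumption; the sample status is constructed.

```python
import ipaddress
import json

# Port/protocol pairs the answers above say to allow for Tailscale.
ALLOWED_PORTS = {("tcp", 443), ("udp", 443), ("tcp", 41641), ("udp", 41641),
                 ("tcp", 3478), ("udp", 3478), ("udp", 53)}
# Default Tailscale address range quoted in the thread.
TAILSCALE_RANGE = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample in the shape of `tailscale status --json` (not real output).
SAMPLE_STATUS = """{"Peer": {
  "nodekey:aaaa": {"HostName": "nas", "TailscaleIPs": ["100.101.102.103"],
                   "Online": true, "Relay": "", "CurAddr": "203.0.113.7:41641"},
  "nodekey:bbbb": {"HostName": "laptop", "TailscaleIPs": ["100.64.5.6"],
                   "Online": true, "Relay": "fra", "CurAddr": ""},
  "nodekey:cccc": {"HostName": "phone", "TailscaleIPs": ["100.80.1.2"],
                   "Online": false, "Relay": "", "CurAddr": ""}}}"""

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def endpoint_port_allowed(endpoint, proto="udp"):
    """True if a direct endpoint's port is in the allowlist (WireGuard peers use UDP)."""
    _, port = split_endpoint(endpoint)
    return (proto, port) in ALLOWED_PORTS

def in_tailscale_range(ip):
    """True if the address lies in 100.64.0.0/10, the range the firewall rule targets."""
    return ipaddress.ip_address(ip) in TAILSCALE_RANGE

def classify_peers(status_json):
    """Map each peer's hostname to 'direct', 'relay:<region>' or 'offline'."""
    result = {}
    for peer in json.loads(status_json).get("Peer", {}).values():
        if not peer.get("Online"):
            result[peer["HostName"]] = "offline"
        elif peer.get("CurAddr"):   # non-empty CurAddr: a direct path is in use
            result[peer["HostName"]] = "direct"
        else:                       # empty CurAddr: traffic goes through a DERP relay
            result[peer["HostName"]] = "relay:" + (peer.get("Relay") or "unknown")
    return result
```

Run it before and after changing the Bitdefender rules and compare the per-peer result: a peer that stays at `relay:<region>` after the change is the one whose direct path the firewall is still blocking.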